draft-ietf-teep-protocol-02.txt | draft-ietf-teep-protocol-03.txt | |||
---|---|---|---|---|
TEEP H. Tschofenig | TEEP H. Tschofenig | |||
Internet-Draft Arm Ltd. | Internet-Draft Arm Ltd. | |||
Intended status: Standards Track M. Pei | Intended status: Standards Track M. Pei | |||
Expires: October 16, 2020 Broadcom | Expires: January 14, 2021 Broadcom | |||
D. Wheeler | D. Wheeler | |||
Intel | Intel | |||
D. Thaler | D. Thaler | |||
Microsoft | Microsoft | |||
A. Tsukamoto | A. Tsukamoto | |||
AIST | AIST | |||
April 14, 2020 | July 13, 2020 | |||
Trusted Execution Environment Provisioning (TEEP) Protocol | Trusted Execution Environment Provisioning (TEEP) Protocol | |||
draft-ietf-teep-protocol-02 | draft-ietf-teep-protocol-03 | |||
Abstract | Abstract | |||
This document specifies a protocol that installs, updates, and | This document specifies a protocol that installs, updates, and | |||
deletes Trusted Applications (TAs) in a device with a Trusted | deletes Trusted Applications (TAs) in a device with a Trusted | |||
Execution Environment (TEE). This specification defines an | Execution Environment (TEE). This specification defines an | |||
interoperable protocol for managing the lifecycle of TAs. | interoperable protocol for managing the lifecycle of TAs. | |||
The protocol name is pronounced teepee. This conjures an image of a | The protocol name is pronounced teepee. This conjures an image of a | |||
wedge-shaped protective covering for one's belongings, which sort of | wedge-shaped protective covering for one's belongings, which sort of | |||
matches the intent of this protocol. | matches the intent of this protocol. | |||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on October 16, 2020. | This Internet-Draft will expire on January 14, 2021. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(https://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
described in the Simplified BSD License. | described in the Simplified BSD License. | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
skipping to change at page 2, line 38 ¶ | skipping to change at page 2, line 38 ¶ | |||
4.1.2. Validating a TEEP Message . . . . . . . . . . . . . . 6 | 4.1.2. Validating a TEEP Message . . . . . . . . . . . . . . 6 | |||
4.2. QueryRequest . . . . . . . . . . . . . . . . . . . . . . 6 | 4.2. QueryRequest . . . . . . . . . . . . . . . . . . . . . . 6 | |||
4.3. QueryResponse . . . . . . . . . . . . . . . . . . . . . . 8 | 4.3. QueryResponse . . . . . . . . . . . . . . . . . . . . . . 8 | |||
4.4. TrustedAppInstall . . . . . . . . . . . . . . . . . . . . 10 | 4.4. TrustedAppInstall . . . . . . . . . . . . . . . . . . . . 10 | |||
4.5. TrustedAppDelete . . . . . . . . . . . . . . . . . . . . 11 | 4.5. TrustedAppDelete . . . . . . . . . . . . . . . . . . . . 11 | |||
4.6. Success . . . . . . . . . . . . . . . . . . . . . . . . . 11 | 4.6. Success . . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
4.7. Error . . . . . . . . . . . . . . . . . . . . . . . . . . 12 | 4.7. Error . . . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
5. Mapping of TEEP Message Parameters to CBOR Labels . . . . . . 15 | 5. Mapping of TEEP Message Parameters to CBOR Labels . . . . . . 15 | |||
6. Ciphersuites . . . . . . . . . . . . . . . . . . . . . . . . 15 | 6. Ciphersuites . . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
7. Security Considerations . . . . . . . . . . . . . . . . . . . 16 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 16 | |||
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 | |||
8.1. Media Type Registration . . . . . . . . . . . . . . . . . 17 | 8.1. Media Type Registration . . . . . . . . . . . . . . . . . 18 | |||
8.2. Error Code Registry . . . . . . . . . . . . . . . . . . . 18 | 8.2. Error Code Registry . . . . . . . . . . . . . . . . . . . 19 | |||
8.3. Ciphersuite Registry . . . . . . . . . . . . . . . . . . 19 | 8.3. Ciphersuite Registry . . . . . . . . . . . . . . . . . . 19 | |||
8.4. CBOR Tag Registry . . . . . . . . . . . . . . . . . . . . 19 | 8.4. CBOR Tag Registry . . . . . . . . . . . . . . . . . . . . 19 | |||
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 | |||
9.1. Normative References . . . . . . . . . . . . . . . . . . 20 | 9.1. Normative References . . . . . . . . . . . . . . . . . . 20 | |||
9.2. Informative References . . . . . . . . . . . . . . . . . 21 | 9.2. Informative References . . . . . . . . . . . . . . . . . 21 | |||
A. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 21 | A. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 21 | |||
B. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 21 | B. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 21 | |||
C. Complete CDDL . . . . . . . . . . . . . . . . . . . . . . . . 21 | C. Complete CDDL . . . . . . . . . . . . . . . . . . . . . . . . 21 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 | |||
1. Introduction | 1. Introduction | |||
The Trusted Execution Environment (TEE) concept has been designed to | The Trusted Execution Environment (TEE) concept has been designed to | |||
skipping to change at page 10, line 18 ¶ | skipping to change at page 10, line 18 ¶ | |||
(trusted apps) via the TEEP Agent. | (trusted apps) via the TEEP Agent. | |||
Like other TEEP messages, the TrustedAppInstall message is signed, | Like other TEEP messages, the TrustedAppInstall message is signed, | |||
and the relevant CDDL snippet is shown below. The complete CDDL | and the relevant CDDL snippet is shown below. The complete CDDL | |||
structure is shown in [CDDL]. | structure is shown in [CDDL]. | |||
trusted-app-install = [ | trusted-app-install = [ | |||
type: TEEP-TYPE-trusted-app-install, | type: TEEP-TYPE-trusted-app-install, | |||
token: uint, | token: uint, | |||
option: { | option: { | |||
? manifest-list => [ + SUIT-envelope ], | ? manifest-list => [ + SUIT_Envelope ], | |||
* $$trusted-app-install-extensions, | * $$trusted-app-install-extensions, | |||
* $$teep-option-extensions | * $$teep-option-extensions | |||
} | } | |||
] | ] | |||
The TrustedAppInstall message has the following fields: | The TrustedAppInstall message has the following fields: | |||
type | type | |||
The value of (3) corresponds to a TrustedAppInstall message sent | The value of (3) corresponds to a TrustedAppInstall message sent | |||
from the TAM to the TEEP Agent. In case of successful processing, | from the TAM to the TEEP Agent. In case of successful processing, | |||
skipping to change at page 16, line 35 ¶ | skipping to change at page 16, line 35 ¶ | |||
A TAM may rely on the attestation information provided by the TEEP | A TAM may rely on the attestation information provided by the TEEP | |||
Agent and the Entity Attestation Token is re-used to convey this | Agent and the Entity Attestation Token is re-used to convey this | |||
information. To sign the Entity Attestation Token it is necessary | information. To sign the Entity Attestation Token it is necessary | |||
for the device to possess a public key (usually in the form of a | for the device to possess a public key (usually in the form of a | |||
certificate) along with the corresponding private key. Depending | certificate) along with the corresponding private key. Depending | |||
on the properties of the attestation mechanism it is possible to | on the properties of the attestation mechanism it is possible to | |||
uniquely identify a device based on information in the attestation | uniquely identify a device based on information in the attestation | |||
information or in the certificate used to sign the attestation | information or in the certificate used to sign the attestation | |||
token. This uniqueness may raise privacy concerns. To lower the | token. This uniqueness may raise privacy concerns. To lower the | |||
privacy implications the TEEP Agent MUST present its attestation | privacy implications the TEEP Agent MUST present its attestation | |||
information only to an authenticated and authorized TAM. | information only to an authenticated and authorized TAM and SHOULD | |||
use encryption in EATs as discussed in [I-D.ietf-rats-eat] since | ||||
confidentiality is not provided by the TEEP protocol itself, and | ||||
the transport protocol under the TEEP protocol might be | ||||
implemented outside of any TEE. | ||||
TA Binaries | TA Binaries | |||
TA binaries are provided by the SP. It is the responsibility of | TA binaries are provided by the SP. It is the responsibility of | |||
the TAM to relay only verified TAs from authorized SPs. Delivery | the TAM to relay only verified TAs from authorized SPs. Delivery | |||
of that TA to the TEEP Agent is then the responsibility of the TAM | of that TA to the TEEP Agent is then the responsibility of the TAM | |||
and the TEEP Broker, using the security mechanisms provided by the | and the TEEP Broker, using the security mechanisms provided by the | |||
TEEP protocol. To protect the TA binary the SUIT manifest is re- | TEEP protocol. To protect the TA binary the SUIT manifest is re- | |||
used and it offers a varity of security features, including | used and it offers a varity of security features, including | |||
digitial signatures and symmetric encryption. | digitial signatures and symmetric encryption. | |||
skipping to change at page 20, line 15 ¶ | skipping to change at page 20, line 19 ¶ | |||
[I-D.ietf-rats-eat] | [I-D.ietf-rats-eat] | |||
Mandyam, G., Lundblade, L., Ballesteros, M., and J. | Mandyam, G., Lundblade, L., Ballesteros, M., and J. | |||
O'Donoghue, "The Entity Attestation Token (EAT)", draft- | O'Donoghue, "The Entity Attestation Token (EAT)", draft- | |||
ietf-rats-eat-03 (work in progress), February 2020. | ietf-rats-eat-03 (work in progress), February 2020. | |||
[I-D.ietf-suit-manifest] | [I-D.ietf-suit-manifest] | |||
Moran, B., Tschofenig, H., Birkholz, H., and K. Zandberg, | Moran, B., Tschofenig, H., Birkholz, H., and K. Zandberg, | |||
"A Concise Binary Object Representation (CBOR)-based | "A Concise Binary Object Representation (CBOR)-based | |||
Serialization Format for the Software Updates for Internet | Serialization Format for the Software Updates for Internet | |||
of Things (SUIT) Manifest", draft-ietf-suit-manifest-04 | of Things (SUIT) Manifest", draft-ietf-suit-manifest-08 | |||
(work in progress), March 2020. | (work in progress), July 2020. | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, <https://www.rfc- | |||
<https://www.rfc-editor.org/info/rfc2119>. | editor.org/info/rfc2119>. | |||
[RFC2560] Myers, M., Ankney, R., Malpani, A., Galperin, S., and C. | [RFC2560] Myers, M., Ankney, R., Malpani, A., Galperin, S., and C. | |||
Adams, "X.509 Internet Public Key Infrastructure Online | Adams, "X.509 Internet Public Key Infrastructure Online | |||
Certificate Status Protocol - OCSP", RFC 2560, | Certificate Status Protocol - OCSP", RFC 2560, | |||
DOI 10.17487/RFC2560, June 1999, | DOI 10.17487/RFC2560, June 1999, <https://www.rfc- | |||
<https://www.rfc-editor.org/info/rfc2560>. | editor.org/info/rfc2560>. | |||
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO | [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO | |||
10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November | 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November | |||
2003, <https://www.rfc-editor.org/info/rfc3629>. | 2003, <https://www.rfc-editor.org/info/rfc3629>. | |||
[RFC5198] Klensin, J. and M. Padlipsky, "Unicode Format for Network | [RFC5198] Klensin, J. and M. Padlipsky, "Unicode Format for Network | |||
Interchange", RFC 5198, DOI 10.17487/RFC5198, March 2008, | Interchange", RFC 5198, DOI 10.17487/RFC5198, March 2008, | |||
<https://www.rfc-editor.org/info/rfc5198>. | <https://www.rfc-editor.org/info/rfc5198>. | |||
[RFC7049] Bormann, C. and P. Hoffman, "Concise Binary Object | [RFC7049] Bormann, C. and P. Hoffman, "Concise Binary Object | |||
skipping to change at page 21, line 10 ¶ | skipping to change at page 21, line 10 ¶ | |||
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
9.2. Informative References | 9.2. Informative References | |||
[I-D.ietf-teep-architecture] | [I-D.ietf-teep-architecture] | |||
Pei, M., Tschofenig, H., Thaler, D., and D. Wheeler, | Pei, M., Tschofenig, H., Thaler, D., and D. Wheeler, | |||
"Trusted Execution Environment Provisioning (TEEP) | "Trusted Execution Environment Provisioning (TEEP) | |||
Architecture", draft-ietf-teep-architecture-08 (work in | Architecture", draft-ietf-teep-architecture-11 (work in | |||
progress), April 2020. | progress), July 2020. | |||
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | |||
Writing an IANA Considerations Section in RFCs", BCP 26, | Writing an IANA Considerations Section in RFCs", BCP 26, | |||
RFC 8126, DOI 10.17487/RFC8126, June 2017, | RFC 8126, DOI 10.17487/RFC8126, June 2017, | |||
<https://www.rfc-editor.org/info/rfc8126>. | <https://www.rfc-editor.org/info/rfc8126>. | |||
[RFC8610] Birkholz, H., Vigano, C., and C. Bormann, "Concise Data | [RFC8610] Birkholz, H., Vigano, C., and C. Bormann, "Concise Data | |||
Definition Language (CDDL): A Notational Convention to | Definition Language (CDDL): A Notational Convention to | |||
Express Concise Binary Object Representation (CBOR) and | Express Concise Binary Object Representation (CBOR) and | |||
JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, | JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, | |||
skipping to change at page 21, line 45 ¶ | skipping to change at page 21, line 45 ¶ | |||
We would like to thank Kohei Isobe (TRASIO/SECOM), Kuniyasu Suzaki | We would like to thank Kohei Isobe (TRASIO/SECOM), Kuniyasu Suzaki | |||
(TRASIO/AIST), Tsukasa Oi (TRASIO), and Yuichi Takita (SECOM) for | (TRASIO/AIST), Tsukasa Oi (TRASIO), and Yuichi Takita (SECOM) for | |||
their valuable implementation feedback. | their valuable implementation feedback. | |||
We would also like to thank Carsten Bormann and Henk Birkholz for | We would also like to thank Carsten Bormann and Henk Birkholz for | |||
their help with the CDDL. | their help with the CDDL. | |||
C. Complete CDDL | C. Complete CDDL | |||
teep-message = $teep-message-type .within teep-message-framework | Valid TEEP messages MUST adhere to the following CDDL data | |||
definitions, except that "SUIT_Envelope" is specified in | ||||
[I-D.ietf-suit-manifest]. | ||||
SUIT-envelope = bstr ; placeholder | teep-message = $teep-message-type .within teep-message-framework | |||
SUIT_Envelope = any | ||||
teep-message-framework = [ | teep-message-framework = [ | |||
type: 0..23 / $teep-type-extension, | type: 0..23 / $teep-type-extension, | |||
token: uint, | token: uint, | |||
options: { * teep-option }, | options: { * teep-option }, | |||
* int; further integers, e.g. for data-item-requested | * int; further integers, e.g. for data-item-requested | |||
] | ] | |||
teep-option = (uint => any) | teep-option = (uint => any) | |||
; messages defined below: | ; messages defined below: | |||
skipping to change at page 22, line 22 ¶ | skipping to change at page 22, line 26 ¶ | |||
$teep-message-type /= trusted-app-install | $teep-message-type /= trusted-app-install | |||
$teep-message-type /= trusted-app-delete | $teep-message-type /= trusted-app-delete | |||
$teep-message-type /= teep-error | $teep-message-type /= teep-error | |||
$teep-message-type /= teep-success | $teep-message-type /= teep-success | |||
; message type numbers | ; message type numbers | |||
TEEP-TYPE-query-request = 1 | TEEP-TYPE-query-request = 1 | |||
TEEP-TYPE-query-response = 2 | TEEP-TYPE-query-response = 2 | |||
TEEP-TYPE-trusted-app-install = 3 | TEEP-TYPE-trusted-app-install = 3 | |||
TEEP-TYPE-trusted-app-delete = 4 | TEEP-TYPE-trusted-app-delete = 4 | |||
TEEP-TYPE-teep-error = 5 | TEEP-TYPE-teep-success = 5 | |||
TEEP-TYPE-teep-success = 6 | TEEP-TYPE-teep-error = 6 | |||
version = uint .size 4 | version = uint .size 4 | |||
ext-info = uint | ext-info = uint | |||
; data items as bitmaps | ; data items as bitmaps | |||
data-item-requested = $data-item-requested .within uint .size 8 | data-item-requested = $data-item-requested .within uint .size 8 | |||
attestation = 1 | attestation = 1 | |||
$data-item-requested /= attestation | $data-item-requested /= attestation | |||
trusted-apps = 2 | trusted-apps = 2 | |||
$data-item-requested /= trusted-apps | $data-item-requested /= trusted-apps | |||
skipping to change at page 23, line 31 ¶ | skipping to change at page 23, line 36 ¶ | |||
? ext-list => [ + ext-info ], | ? ext-list => [ + ext-info ], | |||
* $$query-response-extensions, | * $$query-response-extensions, | |||
* $$teep-option-extensions | * $$teep-option-extensions | |||
} | } | |||
] | ] | |||
trusted-app-install = [ | trusted-app-install = [ | |||
type: TEEP-TYPE-trusted-app-install, | type: TEEP-TYPE-trusted-app-install, | |||
token: uint, | token: uint, | |||
option: { | option: { | |||
? manifest-list => [ + SUIT-envelope ], | ? manifest-list => [ + SUIT_Envelope ], | |||
* $$trusted-app-install-extensions, | * $$trusted-app-install-extensions, | |||
* $$teep-option-extensions | * $$teep-option-extensions | |||
} | } | |||
] | ] | |||
trusted-app-delete = [ | trusted-app-delete = [ | |||
type: TEEP-TYPE-trusted-app-delete, | type: TEEP-TYPE-trusted-app-delete, | |||
token: uint, | token: uint, | |||
option: { | option: { | |||
? ta-list => [ + bstr ], | ? ta-list => [ + bstr ], | |||
End of changes. 19 change blocks. | ||||
25 lines changed or deleted | 32 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |